Trend Micro’s report for the first half of the year highlights the resilience of cybercriminals.
Trend Micro Incorporated warned that recent efforts by authorities have failed to neutralize the new wave of attacks by hackers using artificial intelligence and other techniques.
Tony Lee, Head of Consulting at Trend Micro, says: “Trend Micro may have blocked more than 75.9 billion threats for its customers in the first half of the year, but this is no cause for complacency. As malicious actors begin to tool AI, the industry must respond in kind by designing security strategies that take into account evolving threats. It’s a game we can’t afford to lose.”
As detailed in the semi-annual review report, the threat of cyber attacks remains high despite successful actions by the authorities against LockBit (Operation Cronos), malware dropper networks (Operation Endgame) and the unauthorized use of Cobalt Strike (Operation Morpheus).
A major source of concern is the criminal use and abuse of artificial intelligence. Trend Micro discovered that perpetrators are hiding malware in legitimate software using AI. They also operate illegal large language models (LLMs) and even sell jailbreaks. The latter allow cybercriminals to trick generative AI bots into answering questions that go against their own policies, mainly for developing malware and social engineering traps.
In addition, in the first half of 2024, cybercriminals increased deepfake services to perform virtual kidnappings, conduct targeted BEC impersonation fraud and bypass KYC checks. For this purpose, Trojan malware was developed to collect biometric data.
Other notable events in the first half of 2024 include:
– LockBit remains the most widespread type of ransomware, despite the authorities’ efforts to suppress it. In fact, a new variant of it, LockBit-NG-Dev, has been developed.
– Cybercriminals have taken advantage of major events such as the Olympics and national elections in various countries to launch targeted attacks.
– Large APT campaigns exploit geopolitical tensions, such as that of Earth Lusca, which has benefited from turbulent China-Taiwan relations.
– Pro-government actors used sophisticated techniques to compromise internet-facing routers to carry out targeted attacks.
– Various groups have targeted cloud applications and services, abusing exposed credentials, outstanding resources, vulnerabilities, and even legitimate (but otherwise misconfigured) tools.